PGP Guide

PGP (Pretty Good Privacy)

The downsides of using PGP have more to do with data encryption in general rather than PGP as software.

PGP or Pretty Good Privacy is software developed for the purpose of providing good, fast and accessible encryption to anyone who might need it.

The first version of PGP was developed by Phil Zimmermann in 1991. Since then and since its simple symmetric key algorithm, PGP has evolved to become an encryption standard for today’s market.

PGP uses what is known as “hybrid encryption” that utilizes the benefits of several different encryption methods in order to provide the best balance between encryption speed and security.

PGP – Encryption

Thanks to its unique encryption method, PGP is now considered a standard in encryption industry.

This is done by first compressing the data to increase the speed at which it can be sent and also to help in preventing pattern attacks. There is a special, temporary session key created for this which allows for a fast encryption of compressed cyphertext.

After the session key is created, it is encrypted using recipient’s public key and sent along with the cyphertext.

Decryption is the same as encryption, done in reverse. The public key decryption which takes a lot of time to perform is instead done on a smaller session key, before it can be used to decipher cyphertext.

This allows for both quick and safe encryption available in the form of freeware.

The downsides of using PGP have more to do with data encryption in general rather than PGP as software.

• The most obvious one is the fact that you need to keep your key private at all costs, since the moment you let somebody else have access to it, means that your information is compromised and can easily be stolen.

• Another thing to worry about is that, due to the fact that PGP has a pre-boot authentication, in the instance of any drive failure or corruption you will have a very hard time salvaging the encrypted data from it.

• And lastly, in case you decide to encrypt your entire drive, you will not be able to create a backup image of it unless you decrypt the entire thing.

PGP – Keys

PGP uses two sorts of keys used to encrypt and decrypt messages:

• PGP public key, used for encrypting and which everyone can see and

• PGP private key, used for decrypting, which only you can see.

So if you want to send someone an encrypted message you have to know their public key, and you can ask them to give you, or you can search for it the at the public PGP market or anywhere on the internet.

The message you are sending is going to be encrypted with the receiver’s public key and when he receives it, he will decrypt it with his private key. This way you are sure that nobody else will be able to decrypt it, even if they know your or the receiver’s public key.

However, when you are using PGP signatures, the process is reversed. Meaning, I will sign my message with my name or pseudonym, encrypt it with my private key and paste it to the document I wish to sign.

The only way to make sure that I really wrote that message is to decrypt it with my public key.

Since PGP Corp was purchased by Symantec, PGP is now available only from Symantec.

However, there are some other tools that might suit the purpose, and one of them is called GPG4Win (GNU Privacy Guard for Windows) and it can be downloaded from here: https://gpg4win.org/download.html

Setting up GPG4Win

When you download the file and run it, you will be able to choose which of the components you wish to install. Simply select Kleopatra, GpgEX, and Gpg4win Compendium.

Now that you’ve got the tools, you can easily send your encrypted messages.

I. Generate keypairs

After you’ve installed everything, open Kleopatra. We will use this software to generate your keypair. Remember, you cannot send a message before you know your receiver’s public key, and vice versa – nobody can send you a message unless you have and share your public PGP key.

Fill in the information, but before you click Next, there are some additional setting to configure, so click – Advanced Settings.

Make sure that RSA is checked and choose 4,096 bits; also check if the Signing and Encryption are checked. When you are done, click OK.

The next Window will ask you to confirm that all of the details are correct, so, when ready, click Create Key.

This popup will ask you to enter a passphrase. Passphrase is different than the password; it is much longer and it contains both upper and lower case letters and numbers. Make sure you remember the passphrase, or write it down and keep it safe. If you lose it, you’ll never again be able to use your private key and decrypt your messages.

Your key will then be generated.

Finally, when your private key pair is created, click Finish.

II. Export public key

Next thing you want to do is to Export your public key. Select your key and click – Export Certificates. Choose where you want to save it. Don’t forget to add your key to the public market so people can contact you more easily.

III. Preserve private key

Next step is to preserve your private key. To do that, select your key file once again, right click and then select – Export Secret Keys. Make sure you place it somewhere safe and keep it to yourself.

IV. Import public keys

To import somebody’s key, simply copy it from the source you’ve obtained it, and paste the whole key including the text —–BEGIN PGP PUBLIC KEY BLOCK—– to —–END PGP PUBLIC KEY BLOCK—

V. Encrypting a message

It will ask you to choose a receiver. Remember, it is important to pick the right one, since your message is going to be encrypted by the receiver’s public key.

The wizard will lead you all the way through, and you message should look something like this:

VI. Decrypting a message

When you receive the PGP message, all you should do is copy it, right click on Kleopatra icon, Clipboard – Decrypt/Verify

A popup will show, asking you to enter your passphrase.

A window should appear verifying it’s been decrypted and copied to your clipboard. Click Finish.

Open your notepad or any other text editor and paste your message. It’s that easy!

Happy messaging!

Disclaimer:

The articles and content found on Dark Web News are for general information purposes only and are not intended to solicit illegal activity or constitute legal advice. Using drugs is harmful to your health and can cause serious problems including death and imprisonment, and any treatment should not be undertaken without medical supervision.

37 COMMENTS

Of course, & your VPN & I’d suggest Lavabit encrypted email service. For chissakes, why would anyone allow themselves to be lazy or cheap when it comes to preventing the possibility of rotting away for years in some fucking prison (and believe me that’s what will happen if you’re busted-cops & judges HATE us) . Keep trying or find a trusted person to help you. If you want to remain free, any & everything you can do toward remaining anonymous & encrypted should be your most important concern.

Maybe I don’t understand pgp, but it seems that if your public key is out there for anyone to obtain, LE would only need to watch the suspect email that receives the message to unlock it. And wouldn’t symantic have a back door to the pgp program they are marketing. And doesn’t encrypting messages just make it easier to watch certain people instead of everyone. I like the code where you tell your recipient a certain book and then reference to page and line number for your message. There is also disappearing ink which is pretty popular. Lol

I dont think you understand PGP. If you have someones public key you can encrypt a message to them, but only someone with the matching private key AND knows the password could decrypt it. Cops would have to figure out who the message is going to, hack their computer to grab the private key and install a keylogger to capture the password. Google “nsa pgp snowden” and you’ll see that according to the leaked docs in 2014 the NSA still couldnt crack PGP despite working on it for over 25 years.

The process is of course long and involved. If it was short and easy it most likely would not be very effective. As far as Symantic is concerned, I suspect they, being a large corporation, have placed a back door into the program for the benefit of the gestapo government. I’m sure they would rather have the IRS up their personal back door rather than give the gestapo a back door, eh?

PGP encryption is pretty strong, I personally trust it very much. I’ve run it through Reaver and several key docs- never been able to get it without the private key corresponsing to the public key used to encrypt the message. However I think it’s worth mentioning here that ANYONE can send you a message using your public key and you could decrypt it. But how do you know the person sending you that message can be trusted? Digital signing (using your private key) is what makes PGP so secure in my eyes. When you “sign” a document and ecrypt that signature with your PRIVATE key only your PUBLIC key (which your recipient already has) can decrypt it. If their software is able to decrypt it then the signature is verified and you know that the person who signed the document was the only one to access it before you- if someone alters the document in any way during transmission- the signature is immediately invalidated. PGP is SO worth the headache.

Dark Web News is a publication dedicated to bringing the latest news about TOR, hidden marketplaces, and everything related to the dark web. We work hard to find and report on the most exciting and relevant dark net news. We also offer help and advice on using the dark net safely and securely.